Choosing a cheap but maintained/maintainable LAN router

Recently I’ve been tasked with the problem of finding a router that had to fulfill five key requirements: it had to offer in total four to five LAN ports, have an internal or a detachable Wifi antenna (if at all), offer a maintained/maintainable firmware, be compact and, most of all, better be cheap, for a specific reason.

The customer in question, a student hostel, provides a LAN port in each room besides the compulsory Wifi network. Which, of course, does not suffice for the modern student because of a diaspora of devices with an Ethernet jack (laptop, gaming PC/console, “smart TV”…). The simple answer could have been “well, get yourself a €10 Ethernet switch” but the culprit is that we implement access control by means of a captive portal. While we do allow multiple logons, having to logon on each device is both cumbersome and sometimes outright impossible because not every device, even if it’s a “Smart TV”, always offers an embedded Web browser (and judging by the security footprint of these “Smart TVs” this might actually not be the worst idea). Also, the customer’s interest lies in allowing/blocking individual users, not devices.

So what do we use instead of a switch? A router, of course. Because with a router, all devices connected to it appear to the captive portal under the same MAC address, so a single authentication via a capable device (i.e. a laptop) will allow all of them access to the Internet. Again, the simple answer could be “well, get yourself a €15 Wifi router” but the thing is:

  1. routers need configuration. For instance, we have a house policy of not allowing private Wifi devices in the hostel as to be able to provide the best Wifi experience. Almost every device I’ve seen has Wifi enabled out-of-the-box and usually in a insecure fashion. Even leaving Wifi aside, you’d know how to access the router’s Web UI in the first place which is a bit much too expect from the average student. So in the end I will have to pre-configure them.
  2. routers need a properly maintained or maintainable firmware. They will be provided as an “addon” to the core service of Internet access and as such must not draw hours in support requests because e.g. an application that works when connected directly behaves irrationally when connected via the router. Or, in other words: I don’t want to have to support something that is provided out of courtesy. Most firmware on cheapo off-the-shelf devices greatly sucks in many ways including especially availability of software updates. So either the vendor is renowned for good firmware support or I can at least flash a renowned one such as OpenWrt.

So this lead to the following requirements profile briefly already summarized in the introduction:

  • four to five LAN ports. I don’t want to have to support one model with three ports and one model with four ports, one size should fit all. Gigabit capability doesn’t really matter because the upstream port, due to decisions beyond my control, is a 100M port anyway…
  • internal or detachable Wifi antenna. This is actually more of a feeling thing than a hard technical requirement. In the ideal world I would specify the router to not have Wifi at all but the thing is that routers without Wifi actually start at a larger price point. Therefore I’d like the device to expose its Wifi capability as inconspicuous as possible, so ideally it has internal antennas or its external antennas can be detached.
  • maintained or maintainable firmware as just described.
  • compact, because we the bigger the size, the less likely the acceptance among students of all kinds. Hard enough to explain the need for a router, even harder to explain why it’s “so big”.
  • cheap. Not because the customer is penurious, but because students have to pay a deposit to receive a router. One on the one hand you wouldn’t hand these out for free, on the other hand you can’t offer a solution that costs a student a deposit of, say, €50.

So what solutions did I come up with? Actually just two of them:

  • the Ubiquiti EdgeRouter X. This is a pretty attractive device, seeing that it features a solid aluminium case, (passive) PoE features and Gigabit, even that I can’t use it, and, best of all, already runs a OpenWrt-based firmware out of the box. Plus Ubiquiti indeed does provide regular firmware updates. So what’s the catch? A €50 price tag.
  • the MikroTik hAP Lite (RB941-2nD-TC). This one has a plastic case but none of the crappy cheapish-looking ones MikroTik otherwise uses. In fact, out of the 1 persons of my sample group, 1 liked it over the more techy looking EdgeRouter. It doesn’t run OpenWrt out-of-the-box but can be flashed to run OpenWrt, but before I do that I’ll have a look at its RouterOS in a follow-up post.